antonioCoco
/ TaskManagerSecret.c
Created
August 29, 2023 01:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
Mikaayenson
/ sample_chatgpt_security_use_case.py
Last active
September 2, 2023 17:29
Sample use case to demonstrate applying the new chatGPT model to security summaries.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import openai | |
| import requests | |
| import textwrap | |
| import uuid | |
| # pip3 install openai requests | |
| # setup the API credentials | |
| es_username = "<your username>" | |
| es_password = "<your password>" | |
| es_url = "https://localhost:9200" |
coolaj86
/ ChatGPT-Dan-Jailbreak.md
Last active
May 20, 2024 12:54
Samirbous
/ susp exec via run key
Created
October 12, 2022 16:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sequence by host.id with maxspan=1m | |
| [registry where registry.path : "*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\*"] by registry.data.strings | |
| [process where event.action == "start" and | |
| /* recently created files */ | |
| process.Ext.relative_file_creation_time < 500] by process.executable |
andrewkroh
/ filebeat-to-fleet.md
Last active
January 17, 2023 20:26
Routing Filebeat data to a Fleet integration data stream
This is an unofficial tutorial that may be useful to users that are in the process of migrating to to Elastic Agent and Fleet. It explains the steps to route some Filebeat data into a data stream managed by a Fleet integration package.
Installing a Fleet integration sets up all of its data streams and dashboards. There are two methods to install. In these examples we install the Hashicorp Vault 1.3.1 integration.
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
May 14, 2024 11:08
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Neo23x0
/ log4j_rce_detection.md
Last active
January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
NDJSON is a convenient format for storing or streaming structured data that may be processed one record at a time.
- Each line is a valid JSON value
- Line separator is ‘\n’
cat test.json | jq -c '.[]' > testNDJSON.json
leopucci
/ auditmap.go
Last active
April 16, 2019 10:38
Windows 10 msobjs.dll audit list converted to go map
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| auditMessageMap := map[int]string{ | |
| 279: "Undefined Access (no effect) Bit 7", | |
| 1536: "Unused message ID", | |
| 1537: "DELETE", | |
| 1538: "READ_CONTROL", | |
| 1539: "WRITE_DAC", | |
| 1540: "WRITE_OWNER", | |
| 1541: "SYNCHRONIZE", | |
| 1542: "ACCESS_SYS_SEC", | |
| 1543: "MAX_ALLOWED", |
andrewkroh
/ event1.json
Last active
August 2, 2022 15:22
Winlogbeat - Sysmon Processing for ECS (Elastic Common Schema)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@timestamp": "2019-01-29T19:10:47.538Z", | |
| "beat": { | |
| "hostname": "DESKTOP", | |
| "name": "DESKTOP", | |
| "version": "6.3.2" | |
| }, | |
| "event": { | |
| "kind": "event" | |
| }, |
NewerOlder